# Contributor: Oleg Titov <oleg.titov@gmail.com>
# Maintainer: Oleg Titov <oleg.titov@gmail.com>
pkgname=singularity
pkgver=3.8.7
pkgrel=3
pkgdesc="Application containers focused on reproducibility for scientific computing and HPC world."
url="https://www.sylabs.io/singularity/"
# aarch64: segmentation fault during build
# ppc64le: produces a non-PIE suid binary
arch="all !aarch64 !ppc64le"
license="BSD-3-Clause AND BSD-3-Clause-LBNL"
options="suid !check" # no test suite from upstream
depends="squashfs-tools"
makedepends="
	bash
	cni-plugins
	cryptsetup
	go
	libseccomp-dev
	"
subpackages="$pkgname-doc $pkgname-bash-completion"
source="https://github.com/apptainer/singularity/releases/download/v$pkgver/singularity-$pkgver.tar.gz"

# secfixes:
#   3.8.5-r0:
#     - CVE-2021-41190
#     - GHSA-77vh-xpmg-72qh
#   3.7.4-r0:
#     - CVE-2021-32635
#   3.7.3-r0:
#     - CVE-2021-29136
#   3.6.4-r0:
#     - CVE-2020-15229
#   3.6.3-r0:
#     - CVE-2020-25039
#     - CVE-2020-25040
#   3.6.0-r0:
#     - CVE-2020-13845
#     - CVE-2020-13846
#     - CVE-2020-13847
#   3.5.2-r0:
#     - CVE-2019-19724

export GOPATH="$srcdir"
export GOFLAGS="$GOFLAGS -modcacherw -trimpath"

prepare() {
	default_prepare
	echo "$pkgver" > "$builddir"/VERSION
}

build() {
	# override git dir so it picks up our version above
	GIT_DIR=. ./mconfig \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/infodir \
		--localstatedir=/var \
		--without-network

	make -C builddir GOFLAGS="$GOFLAGS"
}

package() {
	make -C builddir DESTDIR="$pkgdir" GOFLAGS="$GOFLAGS" install

	install -Dm644 -t "$pkgdir"/usr/share/doc/$pkgname README.md

	mkdir -p "$pkgdir"/usr/share/bash-completion/completions
	mv "$pkgdir"/etc/bash_completion.d/singularity \
		"$pkgdir"/usr/share/bash-completion/completions
}

sha512sums="
5649264c15414b90bab47d1958ec61681fa0b9e37ee445a5059f78f3d822aa27f5b9c5c4f4010d053ec9d03e0215c67e2de8e315f74de7d3cd16b8399f40ee59  singularity-3.8.7.tar.gz
"
